Black Friday Special 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: bestdeal

How to Easily Pass the ISC CISSP Exam: Expert Advice

Questions 151

Refer to the information below to answer the question.

A large, multinational organization has decided to outsource a portion of their Information Technology (IT) organization to a third-party provider’s facility. This provider will be responsible for the design, development, testing, and support of several critical, customer-based applications used by the organization.

The organization should ensure that the third party's physical security controls are in place so that they

Options:

A.

are more rigorous than the original controls.

B.

are able to limit access to sensitive information.

C.

allow access by the organization staff at any time.

D.

cannot be accessed by subcontractors of the third party.

Buy Now
Questions 152

Refer to the information below to answer the question.

An organization experiencing a negative financial impact is forced to reduce budgets and the number of Information Technology (IT) operations staff performing basic logical access security administration functions. Security processes have been tightly integrated into normal IT operations and are not separate and distinct roles.

When determining appropriate resource allocation, which of the following is MOST important to monitor?

Options:

A.

Number of system compromises

B.

Number of audit findings

C.

Number of staff reductions

D.

Number of additional assets

Buy Now
Questions 153

What is the PRIMARY reason for ethics awareness and related policy implementation?

Options:

A.

It affects the workflow of an organization.

B.

It affects the reputation of an organization.

C.

It affects the retention rate of employees.

D.

It affects the morale of the employees.

Buy Now
Questions 154

Which of the following methods provides the MOST protection for user credentials?

Options:

A.

Forms-based authentication

B.

Digest authentication

C.

Basic authentication

D.

Self-registration

Buy Now
Questions 155

Refer to the information below to answer the question.

A large, multinational organization has decided to outsource a portion of their Information Technology (IT) organization to a third-party provider’s facility. This provider will be responsible for the design, development, testing, and support of several critical, customer-based applications used by the organization.

The third party needs to have

Options:

A.

processes that are identical to that of the organization doing the outsourcing.

B.

access to the original personnel that were on staff at the organization.

C.

the ability to maintain all of the applications in languages they are familiar with.

D.

access to the skill sets consistent with the programming languages used by the organization.

Buy Now
Questions 156

Which of the following MOST influences the design of the organization's electronic monitoring policies?

Options:

A.

Workplace privacy laws

B.

Level of organizational trust

C.

Results of background checks

D.

Business ethical considerations

Buy Now
Questions 157

Refer to the information below to answer the question.

A new employee is given a laptop computer with full administrator access. This employee does not have a personal computer at home and has a child that uses the computer to send and receive e-mail, search the web, and use instant messaging. The organization’s Information Technology (IT) department discovers that a peer-to-peer program has been installed on the computer using the employee's access.

Which of the following solutions would have MOST likely detected the use of peer-to-peer programs when the computer was connected to the office network?

Options:

A.

Anti-virus software

B.

Intrusion Prevention System (IPS)

C.

Anti-spyware software

D.

Integrity checking software

Buy Now
Questions 158

A business has implemented Payment Card Industry Data Security Standard (PCI-DSS) compliant handheld credit card processing on their Wireless Local Area Network (WLAN) topology. The network team partitioned the WLAN to create a private segment for credit card processing using a firewall to control device access and route traffic to the card processor on the Internet. What components are in the scope of PCI-DSS?

Options:

A.

The entire enterprise network infrastructure.

B.

The handheld devices, wireless access points and border gateway.

C.

The end devices, wireless access points, WLAN, switches, management console, and firewall.

D.

The end devices, wireless access points, WLAN, switches, management console, and Internet

Buy Now
Questions 159

Refer to the information below to answer the question.

During the investigation of a security incident, it is determined that an unauthorized individual accessed a system which hosts a database containing financial information.

If it is discovered that large quantities of information have been copied by the unauthorized individual, what attribute of the data has been compromised?

Options:

A.

Availability

B.

Integrity

C.

Accountability

D.

Confidentiality

Buy Now
Questions 160

Place the following information classification steps in sequential order.

CISSP Question 160

Options:

Buy Now
Questions 161

When dealing with compliance with the Payment Card Industry-Data Security Standard (PCI-DSS), an organization that shares card holder information with a service provider MUST do which of the following?

Options:

A.

Perform a service provider PCI-DSS assessment on a yearly basis.

B.

Validate the service provider's PCI-DSS compliance status on a regular basis.

C.

Validate that the service providers security policies are in alignment with those of the organization.

D.

Ensure that the service provider updates and tests its Disaster Recovery Plan (DRP) on a yearly basis.

Buy Now
Questions 162

Refer to the information below to answer the question.

An organization experiencing a negative financial impact is forced to reduce budgets and the number of Information Technology (IT) operations staff performing basic logical access security administration functions. Security processes have been tightly integrated into normal IT operations and are not separate and distinct roles.

Which of the following will indicate where the IT budget is BEST allocated during this time?

Options:

A.

Policies

B.

Frameworks

C.

Metrics

D.

Guidelines

Buy Now
Questions 163

During the procurement of a new information system, it was determined that some of the security requirements were not addressed in the system specification. Which of the following is the MOST likely reason for this?

Options:

A.

The procurement officer lacks technical knowledge.

B.

The security requirements have changed during the procurement process.

C.

There were no security professionals in the vendor's bidding team.

D.

The description of the security requirements was insufficient.

Buy Now
Questions 164

Which of the following is required to determine classification and ownership?

Options:

A.

System and data resources are properly identified

B.

Access violations are logged and audited

C.

Data file references are identified and linked

D.

System security controls are fully integrated

Buy Now
Questions 165

A thorough review of an organization's audit logs finds that a disgruntled network administrator has intercepted emails meant for the Chief Executive Officer (CEO) and changed them before forwarding them to their intended recipient. What type of attack has MOST likely occurred?

Options:

A.

Spoofing

B.

Eavesdropping

C.

Man-in-the-middle

D.

Denial of service

Buy Now